Route Origin Authorization

$ rpki-client -vvf rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7488.roa
File:                     AS7488.roa (raw, json)
Hash identifier:          Jw9nrX5EHiUSVqzEUAhCts3bgmgLVXw+X75mKDw2s7c=
Subject key identifier:   27:C2:DC:B9:77:80:7A:F2:A8:07:9C:DA:94:EE:B4:07:B0:38:FD:F8
Certificate issuer:       /CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
Certificate serial:       276B9D61D1681A7A77618C40C839272DAE651905
Authority key identifier: 21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
Subject info access:      rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7488.roa
Signing time:             Fri 17 Apr 2026 17:28:30 +0000
ROA not before:           Fri 17 Apr 2026 17:23:30 +0000
ROA not after:            Fri 16 Apr 2027 17:28:30 +0000
asID:                     7488
IP address blocks:        82.39.116.0/23 maxlen: 24
                          82.39.120.0/21 maxlen: 24
                          82.39.128.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl
                          rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 19 Apr 2026 10:00:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            27:6b:9d:61:d1:68:1a:7a:77:61:8c:40:c8:39:27:2d:ae:65:19:05
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=218cc6e24105de6c5c9003d65243893cb3cfdd01
        Validity
            Not Before: Apr 17 17:23:30 2026 GMT
            Not After : Apr 16 17:28:30 2027 GMT
        Subject: CN=27C2DCB977807AF2A8079CDA94EEB407B038FDF8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:33:2a:d4:6d:32:ed:c1:bc:6b:74:ce:8d:c7:
                    89:56:80:49:09:c0:6a:35:fd:c9:4d:0a:9d:68:24:
                    e2:18:2a:a0:06:c5:1b:0c:f1:c3:d8:3b:ff:b0:9e:
                    58:d2:a7:e3:f0:26:0b:47:d1:9c:88:38:5c:92:3e:
                    d2:40:e0:94:04:5b:58:de:f1:f7:f8:fd:db:f2:66:
                    ea:9d:cd:02:5a:04:27:b4:58:91:3b:fd:89:e0:cb:
                    7b:07:d3:9d:22:37:d3:0e:f9:39:4b:bf:c6:09:35:
                    f8:f7:42:c9:0d:db:ef:73:ed:76:09:7a:49:d4:7a:
                    c3:9e:e9:66:08:8b:3e:22:92:ed:0e:66:df:00:5f:
                    02:81:28:c2:28:1e:86:c6:76:bc:97:92:b9:a3:f3:
                    cf:e7:7b:45:64:3e:b5:97:cb:08:a2:5b:60:bd:52:
                    5b:3d:7d:7b:4f:13:21:94:63:25:8a:fb:80:67:82:
                    47:52:9a:6d:25:81:04:23:0d:6a:57:23:21:3a:f0:
                    0d:b1:26:be:31:1a:8e:cc:06:aa:a8:ab:4e:e8:8f:
                    0b:73:06:ac:0b:8b:f3:1a:2d:ee:6d:0d:42:d6:0a:
                    33:68:c1:42:0b:14:12:0b:65:21:1e:a5:32:d3:09:
                    e0:3e:a8:4c:72:0c:4e:91:34:68:96:3b:dc:cd:1f:
                    8d:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:C2:DC:B9:77:80:7A:F2:A8:07:9C:DA:94:EE:B4:07:B0:38:FD:F8
            X509v3 Authority Key Identifier:
                keyid:21:8C:C6:E2:41:05:DE:6C:5C:90:03:D6:52:43:89:3C:B3:CF:DD:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/218CC6E24105DE6C5C9003D65243893CB3CFDD01.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IYzG4kEF3mxckAPWUkOJPLPP3QE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rsync.paas.rpki.ripe.net/repository/718a1b4f-b64c-402c-be15-dd82a41a1af6/0/AS7488.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  82.39.116.0/23
                  82.39.120.0-82.39.131.255

    Signature Algorithm: sha256WithRSAEncryption
         88:13:5d:77:f7:b9:65:68:aa:d3:57:87:5f:d0:ad:dd:53:0c:
         be:35:a4:bc:00:f1:15:d2:b6:0b:03:1d:92:ea:dd:84:48:32:
         2f:1f:d2:51:35:06:3a:96:0d:51:2a:8a:16:91:2d:68:de:52:
         70:d6:c2:63:12:18:f1:aa:e8:c7:cf:6a:f0:64:b3:b5:a3:2b:
         20:8d:fd:ff:1d:68:57:ce:f9:d4:e8:42:43:f1:a0:83:ec:0f:
         c6:5f:99:72:1d:25:bc:45:cd:09:24:3f:a6:45:78:23:2d:f9:
         2f:01:91:66:2b:9c:58:1a:4d:20:c9:eb:1f:8c:5f:7b:39:b2:
         29:61:98:29:46:52:80:39:fd:4e:89:a9:75:36:36:9f:e3:e4:
         dc:e3:fa:7d:13:e8:c8:95:95:ac:96:14:d8:2b:42:fb:a2:69:
         b5:b8:83:ff:45:b3:09:0a:c8:69:2b:39:4c:02:03:75:b8:21:
         9b:7f:f2:61:35:13:45:b8:14:80:f4:13:b6:ac:81:95:14:a3:
         71:e6:86:8b:d0:dc:a9:55:fc:c0:c1:68:e8:aa:c9:51:19:ea:
         01:54:02:d6:6d:0d:26:2b:bc:e9:2f:c4:ed:cf:e5:cc:0f:89:
         51:95:a2:30:50:bd:f9:dc:db:86:ea:51:39:74:54:43:d1:af:
         85:39:04:38
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgIUJ2udYdFoGnp3YYxAyDknLa5lGQUwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoMjE4Y2M2ZTI0MTA1ZGU2YzVjOTAwM2Q2NTI0Mzg5M2Ni
M2NmZGQwMTAeFw0yNjA0MTcxNzIzMzBaFw0yNzA0MTYxNzI4MzBaMDMxMTAvBgNV
BAMTKDI3QzJEQ0I5Nzc4MDdBRjJBODA3OUNEQTk0RUVCNDA3QjAzOEZERjgwggEi
MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC9MyrUbTLtwbxrdM6Nx4lWgEkJ
wGo1/clNCp1oJOIYKqAGxRsM8cPYO/+wnljSp+PwJgtH0ZyIOFySPtJA4JQEW1je
8ff4/dvyZuqdzQJaBCe0WJE7/Yngy3sH050iN9MO+TlLv8YJNfj3QskN2+9z7XYJ
eknUesOe6WYIiz4iku0OZt8AXwKBKMIoHobGdryXkrmj88/ne0VkPrWXywiiW2C9
Uls9fXtPEyGUYyWK+4BngkdSmm0lgQQjDWpXIyE68A2xJr4xGo7MBqqoq07ojwtz
BqwLi/MaLe5tDULWCjNowUILFBILZSEepTLTCeA+qExyDE6RNGiWO9zNH41XAgMB
AAGjggIWMIICEjAdBgNVHQ4EFgQUJ8LcuXeAevKoB5zalO60B7A4/fgwHwYDVR0j
BBgwFoAUIYzG4kEF3mxckAPWUkOJPLPP3QEwDgYDVR0PAQH/BAQDAgeAMIGVBgNV
HR8EgY0wgYowgYeggYSggYGGf3JzeW5jOi8vcnN5bmMucGFhcy5ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvNzE4YTFiNGYtYjY0Yy00MDJjLWJlMTUtZGQ4MmE0MWEx
YWY2LzAvMjE4Q0M2RTI0MTA1REU2QzVDOTAwM0Q2NTI0Mzg5M0NCM0NGREQwMS5j
cmwwZAYIKwYBBQUHAQEEWDBWMFQGCCsGAQUFBzAChkhyc3luYzovL3Jwa2kucmlw
ZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL0lZekc0a0VGM214Y2tBUFdVa09KUExQ
UDNRRS5jZXIweQYIKwYBBQUHAQsEbTBrMGkGCCsGAQUFBzALhl1yc3luYzovL3Jz
eW5jLnBhYXMucnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5LzcxOGExYjRmLWI2NGMt
NDAyYy1iZTE1LWRkODJhNDFhMWFmNi8wL0FTNzQ4OC5yb2EwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAtBggrBgEFBQcBBwEB/wQeMBwwGgQCAAEwFAMEAVIndDAM
AwQDUid4AwQCUieAMA0GCSqGSIb3DQEBCwUAA4IBAQCIE11397llaKrTV4df0K3d
Uwy+NaS8APEV0rYLAx2S6t2ESDIvH9JRNQY6lg1RKooWkS1o3lJw1sJjEhjxqujH
z2rwZLO1oysgjf3/HWhXzvnU6EJD8aCD7A/GX5lyHSW8Rc0JJD+mRXgjLfkvAZFm
K5xYGk0gyesfjF97ObIpYZgpRlKAOf1Oial1Njaf4+Tc4/p9E+jIlZWslhTYK0L7
omm1uIP/RbMJCshpKzlMAgN1uCGbf/JhNRNFuBSA9BO2rIGVFKNx5oaL0NypVfzA
wWjoqslRGeoBVALWbQ0mK7zpL8Ttz+XMD4lRlaIwUL353NuG6lE5dFRD0a+FOQQ4
-----END CERTIFICATE-----